Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

The Apache Software Foundation fixed four vulnerabilities Friday tied to its popular Apache OpenOffice suite of free productivity applications. The patches are for the suite’s word processing and graphics apps. Each of the vulnerabilities are rated medium in severity.

Three of the four bugs patched are out-of-bound vulnerabilities that if exploited could allow for arbitrary code execution. Each three of these bugs were found by Cisco Talos, which alerted The Apache Software Foundation of its discovery in March.

On Thursday, Apache Software Foundation publicly acknowledged the bugs, affecting OpenOffice 4.1.3, and offered a 4.1.4 update to the office suite which fixes the problems.

One of the OpenOffice vulnerabilities (CVE-2017-9806) found by Talos allows an attacker to create a malicious font that can lead to an out of bound write vulnerability, which triggers the remote code execution event.

“The vulnerability is in the WW8Fonts::WW8Fonts class of the OpenOffice word processor application. An attacker can build a malicious .doc (Microsoft Word Binary File Format) file with a specially crafted malicious font,” wrote Marcin Noga, the Cisco Talos researcher credited for finding each of the out-of-bound vulnerabilities.

The second vulnerability (CVE-2017-12608) Noga said exists in the ‘WW8RStyle::ImportOldFormatStyles’ functionality of OpenOffice used for document creation. “A specially crafted doc file will cause an out of bound write and result in arbitrary code execution locally on the victim’s machine in the same context of the current running user,” the researcher said.

Another vulnerability (CVE-2017-12607) is in OpenOffice’s Draw application used to create .PPT formatted files. The out of bound write vulnerability exists in the ‘PPTStyleSheet:PPTStyleSheet’ functionality, explains Noga.

“An attacker can create a specifically crafted PPT file which exploits this vulnerability causing an out of bound write and resulting in arbitrary code execution locally on the victim’s machine in the context of the current user,” said the Talos researcher.

Researcher Ben Hayak, product security lead at Salesforce, is credited for finding the fourth vulnerability (CVE-2017-3157) in OpenOffice’s word processor application. It was also patched Friday.

“By exploiting the way OpenOffice renders embedded objects, an attacker could craft a document that allows reading in a file from the user’s filesystem. Information could be retrieved by the attacker by, e.g., using hidden sections to store the information, tricking the user into saving the document and convincing the user to send the document back to the attacker,” wrote OpenOffice in an advisory posted Friday.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.